OpenBSD's pf and traffic
Eugene M. Minkovskii
emin at mccme.ru
Tue Mar 22 05:09:16 PST 2005
"
" In a word, yes. The 'keep state' in these examples, would AFAIK mean
" that the counters would keep track of all traffic for a connection, so
" traffic initiated from the inside would match the pass out rule's
" counters, while connections opened from the outside would count on the
" pass in rules.
"
Unfortunely, this mean, that OpenBSD's pf can not measure
traffic, because we can not separate incoming and outgoing
traffic in bidirectional rule. Or we must not use keep state
feature.
--
Sensory yours, Eugene Minkovskii
Сенсорно ваш, Евгений Миньковский
More information about the freebsd-questions
mailing list